Logstash configuration that accepts json file from filebeat. It overrides filebeat's additional fields and takes the type from the json rath

2/17/2016 - 2:02 PM

Logstash configuration that accepts json file from filebeat. It overrides filebeat's additional fields and takes the type from the json rath

Logstash configuration that accepts json file from filebeat. It overrides filebeat's additional fields and takes the type from the json rather than filebeat.

logstash.conf

input {
  beats {
    port => 5044
  }
}

filter {
  if [type] == "beat" {
    mutate {
      remove_field => ["type", "beat", "input_type", "offset", "source", "fields"]
    }

    json {
      source => "message"
    }

    mutate {
      remove_field => "message"
    }
  }
}

Cacher is the code snippet organizer for pro developers

We empower you and your team to get more done, faster

Logstash configuration that accepts json file from filebeat. It overrides filebeat's additional fields and takes the type from the json rath